lomcio utworzono 25 lutego utworzono 25 lutego Hej, ostatnio mnie naszło by przeskanować mojego laptopa kompletnie pod kątem bezpieczeństwa , czy nie ma żadnych keylogerów oraz innych wirusów, przeskanowałem laptopa wbudowanym narzędziem od Windowsa, nic nie pokazało ale jakoś temu nie ufam. Mógłbym mnie ktoś przeprowadzić przez taki pełny proces przeskanowania laptopa czy nic w nim złego nie siedzi, byłym ogromnie wdzięczny
leelareso komentarz 25 lutego komentarz 25 lutego Dobry też jest rogue killer, tylko pobierz wersję portable i przed skanowaniem w ustawieniach skanowanie ustaw opcję beta malpe. 1
lomcio komentarz 25 lutego Autor komentarz 25 lutego Malwarebytes nic nie wykazało, natomiast Rogue Killer już tak, jest się czym martwić? Oto raport: Cytuj Program : RogueKiller Anti-Malware Version : 15.15.2.0 x64 : Yes Program Date : Feb 19 2024 Location : C:\Users\aspat\Desktop\RogueKiller_portable64.exe Premium : No Company : Adlice Software Website : https://www.adlice.com/ Contact : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 11 (10.0.22631) 64-bit 64-bit OS : Yes Startup : 0 WindowsPE : No User : aspat User is Admin : Yes Date : 2024/02/25 20:51:51 Type : Scan Aborted : No Scan Mode : Standard Duration : 295 Found items : 8 Total scanned : 97210 Signatures Version : 20240216_101755 Truesight Driver : Yes Updates Count : 24 ************************* Warnings ************************* ************************* Updates ************************* Avast Free Antivirus (64-bit), version 24.1.6099 [+] Available Version : 24.1.8821 [+] Size : 0 [+] Wow6432 : No [+] Portable : No [+] update_location : S:\Program Files\Avast Software\Avast CPUID CPU-Z 2.07 (64-bit), version 2.07 [+] Available Version : 2.09 [+] Size : 5577728 [+] Wow6432 : No [+] Portable : No [+] update_location : C:\Program Files\CPUID\CPU-Z\ CrystalDiskInfo 9.1.1 (64-bit), version 9.1.1 [+] Available Version : 9.2.3 [+] Size : 17027072 [+] Wow6432 : No [+] Portable : No [+] update_location : C:\Program Files\CrystalDiskInfo\ Notepad++ (64-bit x64) (64-bit), version 8.5.8 [+] Available Version : 8.6.4 [+] Size : 15680512 [+] Wow6432 : No [+] Portable : No WinRAR 6.23 (64-bitowy) (64-bit), version 6.23.0 [+] Available Version : 6.24 [+] Size : 0 [+] Wow6432 : No [+] Portable : No [+] update_location : S:\Program Files\WinRAR\ Battle.net (32-bit), version 2.27.0.14542 [+] Available Version : 2.29.0.14647 [+] Size : 0 [+] Wow6432 : Yes [+] Portable : No [+] update_location : E:\Warzone\Battle.net ExpressVPN (32-bit), version 2.5.22300.30 [+] Available Version : 12.73.0.10 [+] Size : 934912 [+] Wow6432 : Yes [+] Portable : No Planet9 Stub (64-bit), version 1.0.167 [+] Available Version : 1.0.197 [+] Size : 249630720 [+] Wow6432 : No [+] Portable : No User Experience Improvement Program Service (64-bit), version 5.00.3016 [+] Available Version : 5.00.3018 [+] Size : 16541696 [+] Wow6432 : No [+] Portable : No [+] update_location : C:\Program Files\Acer\User Experience Improvement Program Service\Framework\ 4K Video Downloader (64-bit), version 4.28.0.5600 [+] Available Version : 4.29.0.5640 [+] Size : 308404224 [+] Wow6432 : No [+] Portable : No [+] update_location : C:\Program Files\4KDownload\4kvideodownloader\ NitroSense Service (64-bit), version 3.01.3046 [+] Available Version : 3.01.3052 [+] Size : 15142912 [+] Wow6432 : No [+] Portable : No [+] update_location : C:\Program Files\Acer\NitroSense Service\ Quick Access Service (64-bit), version 3.00.3044 [+] Available Version : 3.00.3052 [+] Size : 14569472 [+] Wow6432 : No [+] Portable : No [+] update_location : C:\Program Files\Acer\Quick Access Service\ NVIDIA Sterownik graficzny 537.13 (64-bit), version 537.13 [+] Available Version : 551.61 [+] Size : 0 [+] Wow6432 : No [+] Portable : No [+] update_location : C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{212CB3AF-9FB7-4D5E-8EA9-546B9E949644} Adobe Photoshop 2021 (64-bit), version 22.4.1.211 [+] Available Version : 25.5.0.375 [+] Size : 3493393408 [+] Wow6432 : No [+] Portable : No [+] update_location : S:\Program Files (x86)\Adobe\Adobe Photoshop 2021 Rockstar Games Launcher (64-bit), version 1.0.77.1590 [+] Available Version : 1.0.85.1858 [+] Size : 233527296 [+] Wow6432 : No [+] Portable : No [+] update_location : S:\Program Files\Rockstar Games\Launcher Rockstar Games Social Club (64-bit), version 2.1.9.8 [+] Available Version : 2.2.7.3 [+] Size : 0 [+] Wow6432 : No [+] Portable : No Uplay (32-bit), version 101.0 [+] Available Version : 114.1 [+] Size : 0 [+] Wow6432 : Yes [+] Portable : No [+] update_location : C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ Cadence Allegro Free Physical Viewers 16.6 (32-bit), version 16.6.1 [+] Available Version : 17.2 [+] Size : 39456768 [+] Wow6432 : Yes [+] Portable : No Epic Games Launcher (32-bit), version 1.3.82.0 [+] Available Version : 1.3.93.0 [+] Size : 247185408 [+] Wow6432 : Yes [+] Portable : No [+] update_location : S:\Program Files (x86)\Epic\Epic Games\ Epic Online Services (32-bit), version 2.0.42.0 [+] Available Version : 2.0.44.0 [+] Size : 319508480 [+] Wow6432 : Yes [+] Portable : No Java 8 Update 381 (32-bit), version 8.0.3810.9 [+] Available Version : 8.0.4010.10 [+] Size : 187681792 [+] Wow6432 : Yes [+] Portable : No [+] update_location : C:\Program Files (x86)\Java\jre-1.8\ FIFA 23 (64-bit), version 1.0.83.40087 [+] Available Version : 1.44.20513.9 [+] Size : 2121816064 [+] Wow6432 : No [+] Portable : No [+] update_location : S:\EA App\FIFA 23\ Apple Application Support (32-bit) (32-bit), version 4.3.2 [+] Available Version : 8.7 [+] Size : 120122368 [+] Wow6432 : Yes [+] Portable : No [+] update_location : C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ CapCut (32-bit), version 2.8.0.917 [+] Available Version : 3.4.0.1211 [+] Size : 0 [+] Wow6432 : Yes [+] Portable : No ************************* Processes ************************* ************************* Modules ************************* ************************* Services ************************* ************************* Scheduled Tasks ************************* ************************* Registry ************************* >>>>>> O87 - Firewall ├── [Suspicious.Path (Potencjalnie złośliwy)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{D1C24C6C-F4DF-42F1-A86D-166790AAAF9E}C:\users\aspat\appdata\local\dualsensex\app-1.4.9\dualsensex.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\aspat\appdata\local\dualsensex\app-1.4.9\dualsensex.exe|Name=dualsensex.exe|Desc=dualsensex.exe|Defer=User| -> Wykryto └── [Suspicious.Path (Potencjalnie złośliwy)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{B039E2BA-BD12-4171-AE07-26C9D672CA08}C:\users\aspat\appdata\local\dualsensex\app-1.4.9\dualsensex.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\aspat\appdata\local\dualsensex\app-1.4.9\dualsensex.exe|Name=dualsensex.exe|Desc=dualsensex.exe|Defer=User| -> Wykryto ************************* WMI ************************* ************************* Hosts File ************************* is_too_big : No hosts_file_path : C:\Windows\System32\drivers\etc\hosts ************************* Filesystem ************************* [Cloud.Generic (Złośliwy)] (shortcut) CH341A - USB Programmer 1.30.lnk -- C:\Users\aspat\Desktop\CH341A - USB Programmer 1.30.lnk => C:\SkyGz\CH341A~1\CH341A~1.EXE -> Wykryto [Tr.Gen (Złośliwy)] (folder) Cached files -- C:\Users\aspat\AppData\Roaming\Cached files -> Wykryto [Cloud.Generic (Złośliwy)] (shortcut) CH341A - USB Programmer 1.30.lnk -- C:\Users\aspat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CH341A - USB Programmer 1.30\CH341A - USB Programmer 1.30.lnk => C:\SkyGz\CH341A~1\CH341A~1.EXE -> Wykryto [Cloud.Generic (Złośliwy)] (shortcut) CH341A - USB Programmer 1.30.lnk -- C:\Users\aspat\Desktop\CH341A - USB Programmer 1.30.lnk => C:\SkyGz\CH341A~1\CH341A~1.EXE -> Wykryto [Cloud.Generic (Złośliwy)] (file) CH341A - USB Programmer 1.30.exe -- C:\Users\aspat\Desktop\CH341A Programer 1.30\CH341A - USB Programmer 1.30.exe -> Wykryto ************************* Web Browsers ************************* >>>>>> Chrome Addon └── [PUP.Gen0 (Potencjalnie złośliwy)] Video Downloader Professional (C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ELICPJ~1) -- elicpjhcidhpjomhibiffojpinpmmpil -> Wykryto ************************* Antirootkit *************************
Bromidum komentarz 25 lutego komentarz 25 lutego (edytowane) @lomcio Podrzuć logi FRST - https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/, które wygenerujesz w programie opcją „skanuj”. Powstałe pliki tekstowe "frst.txt" oraz "addition.txt" załącz tutaj na forum. Masz wiedze na temat USB Programmer? Najpewniej false positive, ewentualnie komponent adware. Jest też wykrycie rozszerzenie do Chrome - Video Downloader Professional. Masz także wskazane, które programy wymagają aktualizacji. Edytowane 25 lutego przez Bromidum 1
lomcio komentarz 26 lutego Autor komentarz 26 lutego Naprawiam płyty główne i niekiedy trzeba zgrać albo wgrać bios, do tego używam USB Programmera, jeśli zagraża laptopowi to po prostu będę go używał na innym "roboczym" laptopie. Oto wyniki z FRST: frst.txt Cytuj Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 23.02.2024 Uruchomiony przez aspat (administrator) PATRYK (Acer Nitro AN515-57) (26-02-2024 10:29:09) Uruchomiony z C:\Users\aspat\Desktop\FRST64.exe Załadowane profile: aspat Platforma: Microsoft Windows 11 Home Wersja 23H2 22631.3155 (X64) Język: Polski (Polska) Domyślna przeglądarka: Chrome Tryb startu: Normal ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\NitroSense Service\PSAgent.exe (C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (C:\Program Files\Acer\NitroSense Service\PSSvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\NitroSense Service\PSAdminAgent.exe (C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe (C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe (C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe ->) (Acer Incorporated -> ) C:\Program Files\Acer\User Experience Improvement Program Service\Framework\CamUsage.exe (C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe ->) (Acer Incorporated -> ) C:\Program Files\Acer\User Experience Improvement Program Service\Framework\MicUsage.exe (C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\User Experience Improvement Program Service\Plugin\AppMonitor\AppMonitorPlugIn.exe (C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe ->) (Adobe Inc. -> Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe (C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\87.0.2.0\crashpad_handler.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe (drivers\RivetNetworks\Killer\KAPSService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe (drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe (DriverStore\FileRepository\cui_dch.inf_amd64_2fd56aca57cf42dd\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2fd56aca57cf42dd\igfxEM.exe (explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2> (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <25> (explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe <7> (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\NitroSense Service\PSSvc.exe (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (services.exe ->) (DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2fd56aca57cf42dd\igfxCUIService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4ce8bafd96682424\esif_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_a5ea1b1d8db1527e\RstMwService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9d19662e01abea6b\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_5802b1615520e41c\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_0f43cda6a2474b5c\AS\IAS\IntelAudioService.exe (services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe (services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe <3> (svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe (svchost.exe ->) (Acer Incorporated -> Microsoft) C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe (svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe (svchost.exe ->) (By ZhongYang) [Brak podpisu cyfrowego] C:\Users\aspat\Desktop\TrafficMonitor\TrafficMonitor.exe (svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2fd56aca57cf42dd\igfxext.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe (svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe (svchost.exe ->) (SweetLabs Inc -> SweetLabs, Inc) C:\Users\aspat\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe ==================== Rejestr (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe [1673008 2023-05-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2023-11-27] (Apple Inc. -> Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [748624 2023-06-14] (Oracle America, Inc. -> Oracle Corporation) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ograniczenia <==== UWAGA HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Ograniczenia <==== UWAGA HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-14] (Google LLC -> Google, Inc.) HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-14] (Google LLC -> Google, Inc.) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [MicrosoftEdgeAutoLaunch_9C0351EC673C45D35EA025DF5DE5B6AC] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4067896 2024-02-23] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [Steam] => S:\Program Files (x86)\Steam\steam.exe [4388200 2024-01-13] (Valve Corp. -> Valve Corporation) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [EpicGamesLauncher] => S:\Program Files (x86)\Epic\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37180368 2023-12-21] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2730600 2024-02-23] (Electronic Arts, Inc. -> Electronic Arts) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [DualSenseX] => C:\Users\aspat\AppData\Local\DualSenseX\DualSenseX.exe [328192 2023-09-03] () [Brak podpisu cyfrowego] HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [Opera GX Stable] => C:\Users\aspat\AppData\Local\Programs\Opera GX\launcher.exe [2303904 2024-02-17] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-14] (Google LLC -> Google, Inc.) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\aspat\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [11556768 2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [Discord] => C:\Users\aspat\AppData\Local\Discord\Update.exe [1525024 2024-01-29] (Discord Inc. -> GitHub) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [CanvaAutoLaunchAvailabilityCheckAgent] => C:\Users\aspat\AppData\Local\Programs\Canva\Canva.exe [166402704 2024-02-19] (Canva -> Canva Pty Ltd) HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-14] (Google LLC -> Google, Inc.) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2024-01-02] (Adobe Inc. -> Adobe Systems Inc) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\122.0.6261.69\Installer\chrmstp.exe [2024-02-24] (Google LLC -> Google LLC) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA ==================== Zaplanowane zadania (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {73A0631A-F5A0-4AC1-95D5-B94C1283E7AC} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-10-13] (Acer Incorporated -> ) Task: {400E56C0-0856-4130-BE32-AC189125BAC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.) Task: {05ABA444-AE39-46D7-AB0E-9367CEF8881C} - System32\Tasks\App Explorer => C:\Users\aspat\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7574560 2023-03-29] (SweetLabs Inc -> SweetLabs, Inc) <==== UWAGA Task: {2BEF596E-B094-491F-9C61-42FDF74BB712} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.) Task: {18330C8D-AE72-41CF-BC6D-60F2173C97BA} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{16B56237-630A-4106-9696-CBB563142397} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== UWAGA Task: {24141A4D-8296-4045-84D5-94719151B619} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation) Task: {FAD12A7C-0BBE-4D7B-8C9F-7A2B3F8C605A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation) Task: {7B66D6F6-DE62-4124-ACB7-FCFABA928691} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation) Task: {4B8EBFC6-A60D-4F52-8379-528992D070E0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation) Task: {9DC8F04D-AD31-4293-BA20-47E4B877268F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170128 2024-02-02] (Microsoft Corporation -> Microsoft Corporation) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Brak pliku) Task: {0907B64E-C4F5-4D9D-BF6E-9DF3BE54C24F} - System32\Tasks\NitroSense => C:\Program Files\Acer\NitroSense Service\PSLauncher.exe [612192 2022-06-13] (Acer Incorporated -> Acer Incorporated) Task: {A31002B7-7DD4-49C2-AC12-38AE349C184A} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [70792 2022-08-15] (Acer Incorporated -> ) Task: {4AF1E1A6-755D-41EA-B0BF-6D6679F6ADC2} - System32\Tasks\Oem\wlanBrokerTask => C:\Program Files (x86)\Acer\ExpressVPN\wlanBroker.exe [18224 2021-03-22] (Acer Incorporated -> ) Task: {943B3492-AD64-4DEF-A3CD-35EA56FC631B} - System32\Tasks\Oem\xvpnHelperTask => "%localappdata%\OEM\PromoX\XvpnHelper\XvpnInstaller.exe" /install (Brak pliku) Task: {3E690ED6-0AEE-4588-9033-091F1F0F85A5} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-16] (Microsoft Corporation -> Microsoft Corporation) Task: {90B6E8F3-C41F-43A8-8CB1-11D343B30854} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2444858711-1819379462-4076300061-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-16] (Microsoft Corporation -> Microsoft Corporation) Task: {B6DC7207-D48F-463F-A044-1280DB7F0F53} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1696368095 => C:\Users\aspat\AppData\Local\Programs\Opera GX\launcher.exe [2303904 2024-02-17] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\aspat\AppData\Local\Programs\Opera GX\assistant" $(Arg0) Task: {9B792FE5-3608-4BF6-9A41-00DB6A8FBC0B} - System32\Tasks\Opera GX scheduled Autoupdate 1695645282 => C:\Users\aspat\AppData\Local\Programs\Opera GX\launcher.exe [2303904 2024-02-17] (Opera Norway AS -> Opera Software) Task: {54BF97EF-C019-4A4E-B70A-47A4101CB33C} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2444858711-1819379462-4076300061-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\Windows\System32\wpninprc.dll [65536 2022-05-07] (Microsoft Windows -> Microsoft Corporation) Task: {1569AC23-A696-48B7-9228-FCC11BE2D76A} - System32\Tasks\Power Button => C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe [2777064 2022-05-24] (Acer Incorporated -> Acer Incorporated) Task: {F6BC8826-6A1E-4CA5-842C-9C1CF9CE7D99} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [450536 2022-05-24] (Acer Incorporated -> Acer Incorporated) Task: {F48C3E36-40B3-47A9-8072-10104C63C35E} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2022-03-01] (Acer Incorporated -> Acer Incorporated) Task: {F320463A-D9F9-49B2-BA1A-FE9D868C0DED} - System32\Tasks\StorPSCTL => C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe [153640 2021-03-29] (Acer Incorporated -> Microsoft) Task: {B7CE58C0-2C5F-41B1-8F2A-FFD2A6EC9519} - System32\Tasks\TrafficMonitor\Autorun for aspat => C:\Users\aspat\Desktop\TrafficMonitor\TrafficMonitor.exe [1713152 2022-11-18] (By ZhongYang) [Brak podpisu cyfrowego] Task: {745C54ED-F9B5-47DC-9E9B-A83DA5379027} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [342672 2022-06-01] (Acer Incorporated -> Acer Incorporated) Task: {A398C565-AFB0-4F59-A1F9-E93078FD13B3} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2211560 2022-05-17] (Acer Incorporated -> Acer Incorporated) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.20 8.8.8.8 1.1.1.1 Tcpip\..\Interfaces\{73101cad-e87a-4b10-bfee-fd3dd6c07745}: [DhcpNameServer] 192.168.1.20 8.8.8.8 1.1.1.1 Tcpip\..\Interfaces\{e1814856-1763-46f4-a933-1dee151467a0}: [DhcpNameServer] 192.168.1.20 8.8.8.8 1.1.1.1 Tcpip\..\Interfaces\{e1814856-1763-46f4-a933-1dee151467a0}\845514755494D285E65324: [DhcpNameServer] 192.168.100.1 Edge: ======= Edge Profile: C:\Users\aspat\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-04] Edge Extension: (Dokumenty Google offline) - C:\Users\aspat\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-02] Edge Extension: (Edge relevant text changes) - C:\Users\aspat\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-26] FireFox: ======== FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.381.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-06-14] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.381.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-06-14] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default [2024-02-26] CHR HomePage: Default -> hxxps://platform.cmcmarkets.com/#/login?b=CMC-CFD&r=PL&l=pl CHR StartupUrls: Default -> "hxxps://pl.investing.com/economic-calendar/" CHR Extension: (AutoFormer+) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjefgijpbofijpnfpncbjajignkcbbod [2023-11-10] CHR Extension: (AMZ Suggestion Expander) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpeaihkccbeemkfefcapijechkbfjlhb [2024-01-11] CHR Extension: (AHA Music - Wyszukiwarka piosenek dla przeglądarki) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpacanjfikmhoddligfbehkpomnbgblf [2023-09-25] CHR Extension: (Adobe Acrobat: edycja plików PDF, konwertowanie, narzędzia podpisywania) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-02-23] CHR Extension: (Video Downloader Professional) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2023-09-02] CHR Extension: (Stylish - Custom themes for any website) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2024-01-14] CHR Extension: (EditThisCookie) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2023-09-02] CHR Extension: (Hacker Vision) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej [2023-09-02] CHR Extension: (LoungeDestroyer) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2023-09-02] CHR Extension: (Dokumenty Google offline) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-17] CHR Extension: (AdBlock — najlepszy bloker reklam) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-02-21] CHR Extension: (360 Internet Protection) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2024-02-26] CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2024-02-26] CHR Extension: (Coinbase Wallet extension) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad [2024-02-20] CHR Extension: (Looper for YouTube) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2023-09-02] CHR Extension: (APEX - Best Screenshot & Screen Recorder) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkkmokkmlbkkgdnkkancbonkbbmkioc [2023-09-02] CHR Extension: (DS Amazon Quick View) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg [2023-10-09] CHR Extension: (Download Master - Free Download Manager) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\laepcndcehndnjndpfjdcdgbneoimdgg [2023-09-02] CHR Extension: (Program uruchamiający aplikacje dla plików z Dysku (od Google)) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-09-27] CHR Extension: (fxDreema: Download Files) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlppnklledgeaafojedgemkdhjdgdkp [2023-09-02] CHR Extension: (Usługa zwrotu gotówki LetyShops) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lphicbbhfmllgmomkkhjfkpbdlncafbn [2024-01-30] CHR Extension: (Zrób pełny, całkowity zrzut ekranu strony internetowej - FireShot) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2023-09-02] CHR Extension: (Bass Boost: HD Audio) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghabdfikjldejcdcmclcmpcmknjahli [2023-09-02] CHR Extension: (MetaMask) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-02-16] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-02] CHR Extension: (Split midjourney Images) - C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkdkhiolmoenpgjfemapeeiamfhnbkc [2024-02-07] CHR HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] Opera: ======= StartMenuInternet: (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001) Opera GXStable - "C:\Users\aspat\AppData\Local\Programs\Opera GX\Launcher.exe" ==================== Usługi (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-11-09] (Apple Inc. -> Apple Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-10] (Microsoft Corporation -> Microsoft Corporation) R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [243384 2022-08-24] (DTS, Inc. -> DTS Inc.) S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe [53217096 2024-02-14] (Electronic Arts, Inc. -> Electronic Arts) S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [12094568 2024-02-23] (Electronic Arts, Inc. -> Electronic Arts) S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-05-01] (Epic Games Inc. -> Epic Games, Inc.) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncHelper.exe [3515936 2024-02-16] (Microsoft Corporation -> Microsoft Corporation) S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== UWAGA S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== UWAGA R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2024-01-22] (HP Inc. -> HP Inc.) R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_0f43cda6a2474b5c\AS\IAS\IntelAudioService.exe [531008 2022-03-22] (Intel Corporation -> Intel) R3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation) R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2423160 2022-03-28] (Intel Corporation -> Intel) R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2883448 2022-03-28] (Intel Corporation -> Intel) R3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-25] (Malwarebytes Inc. -> Malwarebytes) S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-02-25] (Malwarebytes Inc. -> Malwarebytes) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\OneDriveUpdaterService.exe [3853856 2024-02-16] (Microsoft Corporation -> Microsoft Corporation) R3 PSSvc; C:\Program Files\Acer\NitroSense Service\PSSvc.exe [869728 2022-06-13] (Acer Incorporated -> Acer Incorporated) S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [469992 2022-05-24] (Acer Incorporated -> Acer Incorporated) R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [508392 2022-05-24] (Acer Incorporated -> Acer Incorporated) S3 Rockstar Service; S:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1216496 2023-09-03] (Rockstar Games, Inc. -> Rockstar Games) R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [334992 2022-06-01] (Acer Incorporated -> Acer Incorporated) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_eff1a67327d2911d\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_eff1a67327d2911d\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Sterowniki (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R3 AcerAirplaneModeController; C:\Windows\System32\drivers\AcerAirplaneModeController.sys [36800 2022-06-01] (Acer Incorporated -> Acer Incorporated) S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.) S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.) S3 atvi-randgrid; C:\ProgramData\Battle.net_components\randgridauks\randgrid.sys [2786712 2023-12-08] (Activision Publishing Inc -> Activision Blizzard, Inc.) S3 CH341_A64; C:\Windows\System32\Drivers\CH341W64.SYS [31232 2009-06-11] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 e2k68cx21x64; C:\Windows\System32\DriverStore\FileRepository\e2k68cx21x64.inf_amd64_e63a1a6682c5eed2\e2k68cx21x64.sys [619408 2022-03-08] (Realtek Semiconductor Corp. -> Realtek) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R0 fse; C:\Windows\System32\drivers\fse.sys [218592 2023-11-16] (Microsoft Windows -> Microsoft Corporation) R1 googledrivefs31357; C:\Windows\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.) R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_42e0121b9785f90e\iaLPSS2_GPIO2_TGL.sys [128680 2020-11-19] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_70d4531ccdd0c3c2\iaLPSS2_I2C_TGL.sys [197288 2020-11-19] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b9ae9f760b62c73a\iaLPSS2_SPI_TGL.sys [155816 2020-11-19] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_da87610cdf3862a4\iaLPSS2_UART2_TGL.sys [310440 2020-11-19] (Intel Corporation -> Intel Corporation) R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1544912 2021-08-26] (Intel Corporation -> Intel Corporation) R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_2cc98897d8dddf62\IntcUSB.sys [882280 2022-03-22] (Intel Corporation -> Intel(R) Corporation) R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_689d3d5fefeef458\gna.sys [84880 2020-11-05] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation) R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [175848 2022-03-28] (Intel Corporation -> Rivet Networks, LLC.) S3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47928 2022-04-19] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net) R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [233704 2024-02-26] (Malwarebytes Inc. -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188784 2024-02-26] (Malwarebytes Inc. -> Malwarebytes) R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [237592 2023-08-15] (NVIDIA Corporation -> NVIDIA Corporation) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) R3 UsbDk; C:\Windows\System32\Drivers\UsbDk.sys [103128 2020-03-13] (Red Hat, Inc. -> Red Hat Inc.) R1 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.) S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2023-11-16] (Microsoft Windows -> ) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [55856 2023-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [594304 2023-12-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-07] (Microsoft Windows -> Microsoft Corporation) S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X] S1 mqlheccz; \??\C:\Windows\system32\drivers\mqlheccz.sys [X] S3 SrvcWTDMIOMngr; \??\C:\OEM\OA30\WTDMIoMngr.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc (utworzone) (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2024-02-26 10:29 - 2024-02-26 10:29 - 000037871 _____ C:\Users\aspat\Desktop\FRST.txt 2024-02-26 10:29 - 2024-02-26 10:29 - 000000000 ____D C:\FRST 2024-02-26 10:28 - 2024-02-26 10:28 - 002386944 _____ (Farbar) C:\Users\aspat\Desktop\FRST64.exe 2024-02-26 09:52 - 2024-02-26 09:52 - 000800970 _____ C:\Windows\system32\perfh015.dat 2024-02-26 09:52 - 2024-02-26 09:52 - 000158968 _____ C:\Windows\system32\perfc015.dat 2024-02-26 09:45 - 2024-02-26 09:45 - 000233704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys 2024-02-26 09:45 - 2024-02-26 09:45 - 000188784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2024-02-25 21:53 - 2024-02-25 21:53 - 000010239 _____ C:\Users\aspat\Desktop\wirusy.txt 2024-02-25 21:45 - 2024-02-25 21:51 - 000000000 ____D C:\Users\aspat\Desktop\RogueKiller 2024-02-25 21:45 - 2024-02-25 21:45 - 000000000 ____D C:\Users\aspat\Documents\Badania krwi 2024-02-25 21:44 - 2024-02-26 09:56 - 000000000 ____D C:\Users\aspat\AppData\LocalLow\IGDump 2024-02-25 21:44 - 2024-02-25 21:45 - 036149680 _____ C:\Users\aspat\Desktop\RogueKiller_portable64.exe 2024-02-25 21:43 - 2024-02-26 10:25 - 000000000 ____D C:\Users\aspat\AppData\Local\Malwarebytes 2024-02-25 21:43 - 2024-02-25 21:43 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2024-02-25 21:43 - 2024-02-25 21:43 - 000002045 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2024-02-25 21:42 - 2024-02-25 21:42 - 000000000 ____D C:\ProgramData\Malwarebytes 2024-02-25 21:42 - 2024-02-25 21:42 - 000000000 ____D C:\Program Files\Malwarebytes 2024-02-25 20:58 - 2024-02-26 09:44 - 000000000 ____D C:\ProgramData\Avast Software 2024-02-25 20:58 - 2024-02-25 20:58 - 000888600 _____ (Google LLC) C:\Users\Public\Documents\gcapi.dll 2024-02-25 20:38 - 2024-02-25 21:17 - 000000000 ____D C:\Users\aspat\Desktop\Nowy folder 2024-02-24 19:24 - 2024-02-24 19:24 - 000000000 ____D C:\Users\aspat\AppData\Roaming\Checkm8.info 2024-02-24 19:24 - 2024-01-11 12:34 - 160160528 _____ (Checkm8.info) C:\Users\aspat\Desktop\Checkm8.info Software.exe 2024-02-24 16:12 - 2024-02-24 16:12 - 000001780 _____ C:\Users\Public\Desktop\iTunes.lnk 2024-02-24 16:12 - 2024-02-24 16:12 - 000000000 ____D C:\Users\aspat\AppData\Local\Apple Inc 2024-02-24 16:12 - 2024-02-24 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2024-02-24 16:12 - 2024-02-24 16:12 - 000000000 ____D C:\Program Files\iTunes 2024-02-24 16:09 - 2024-02-24 16:09 - 000000000 ____D C:\Windows\system32\Tasks\Apple 2024-02-24 16:09 - 2024-02-24 16:09 - 000000000 ____D C:\Program Files (x86)\Apple Software Update 2024-02-24 14:54 - 2024-02-25 10:15 - 000000000 ____D C:\Users\aspat\AppData\Roaming\WinRa1n 2024-02-24 14:54 - 2024-02-24 14:54 - 000000000 ____D C:\Users\aspat\AppData\Roaming\Apple Computer 2024-02-24 14:54 - 2024-02-24 14:54 - 000000000 ____D C:\Users\aspat\AppData\Local\Apple Computer 2024-02-24 14:54 - 2024-02-24 14:54 - 000000000 ____D C:\ProgramData\Apple Computer 2024-02-24 14:54 - 2022-04-19 11:49 - 000100352 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusbK.dll 2024-02-24 14:54 - 2022-04-19 11:49 - 000083968 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusbK.dll 2024-02-24 14:54 - 2022-04-19 11:49 - 000076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll 2024-02-24 14:54 - 2022-04-19 11:49 - 000047928 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusbK.sys 2024-02-24 14:54 - 2022-04-19 11:49 - 000046592 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll 2024-02-24 14:53 - 2024-02-24 16:12 - 000000000 ____D C:\Program Files\Common Files\Apple 2024-02-24 14:53 - 2024-02-24 16:09 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2024-02-24 14:53 - 2024-02-24 14:53 - 000000000 ____D C:\Users\aspat\AppData\Local\Apple 2024-02-24 14:53 - 2024-02-24 14:53 - 000000000 ____D C:\ProgramData\Apple 2024-02-24 14:53 - 2024-02-24 14:53 - 000000000 ____D C:\Program Files\Bonjour 2024-02-24 14:53 - 2024-02-24 14:53 - 000000000 ____D C:\Program Files (x86)\Bonjour 2024-02-23 08:44 - 2024-02-23 08:44 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_UsbDk_01011.Wdf 2024-02-23 08:44 - 2024-02-23 08:44 - 000000000 ____D C:\Program Files\UsbDk Runtime Library 2024-02-23 08:44 - 2020-03-13 04:34 - 000103128 _____ (Red Hat Inc.) C:\Windows\system32\Drivers\UsbDk.sys 2024-02-22 12:46 - 2024-02-22 12:46 - 000000000 ____D C:\Users\aspat\Desktop\Kolano 2024 2024-02-21 16:04 - 2024-02-21 16:04 - 001539520 _____ C:\Users\aspat\Desktop\zeznanie-podatkowe-Patryk.pdf 2024-02-20 18:25 - 2024-02-20 18:25 - 000000000 ____D C:\Users\aspat\AppData\Local\ElevatedDiagnostics 2024-02-16 13:06 - 2024-02-16 13:06 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2024-02-14 13:07 - 2024-02-14 13:07 - 000019222 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json 2024-02-14 13:06 - 2024-02-14 13:06 - 000019222 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json 2024-02-12 17:50 - 2024-02-23 13:20 - 000000000 ____D C:\Users\aspat\AppData\Roaming\discord 2024-02-12 17:50 - 2024-02-23 13:09 - 000000000 ____D C:\Users\aspat\AppData\Local\Discord 2024-02-12 17:50 - 2024-02-21 18:08 - 000002271 _____ C:\Users\aspat\Desktop\Discord.lnk 2024-02-12 17:50 - 2024-02-12 17:50 - 000000000 ____D C:\Users\aspat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2024-02-10 18:14 - 2024-02-10 18:14 - 000000000 ____D C:\Users\aspat\AppData\Local\EACrashReporter 2024-02-10 16:40 - 2022-09-30 05:24 - 000174112 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys 2024-02-10 16:40 - 2022-09-30 05:24 - 000050720 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ss_conn_usb_driver2.sys 2024-02-08 00:36 - 2024-02-08 00:44 - 000000000 ____D C:\Program Files\Recuva 2024-02-08 00:36 - 2024-02-08 00:36 - 000000000 ____D C:\ProgramData\Piriform 2024-02-08 00:36 - 2024-02-08 00:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva 2024-02-06 23:29 - 2024-02-06 23:29 - 000188138 _____ C:\Users\aspat\Documents\2024-02-06_23_29_InPost_Kurier_KpMaHT.1707258547.pdf 2024-02-04 22:29 - 2024-02-21 16:01 - 000000000 ____D C:\Users\aspat\Desktop\Trading212 2024-01-31 19:21 - 2024-01-31 19:21 - 000907844 _____ C:\Users\aspat\Desktop\LA-A901P boardview pdf.pdf 2024-01-31 14:25 - 2024-01-31 14:25 - 004194304 _____ C:\Users\aspat\Desktop\uuuc3.bin 2024-01-31 14:24 - 2024-01-31 14:24 - 008388608 _____ C:\Users\aspat\Desktop\uc3.bin 2024-01-30 20:46 - 2024-01-30 20:46 - 000200292 _____ C:\Users\aspat\Desktop\PIT 38 2021.pdf 2024-01-30 20:45 - 2024-01-30 20:45 - 000200366 _____ C:\Users\aspat\Desktop\PIT 38 2022.pdf 2024-01-29 17:22 - 2021-09-12 21:31 - 008388608 _____ C:\Users\aspat\Desktop\ZAM70_LA-A901P_REV_1.0_BIOS.bin 2024-01-29 17:22 - 2021-09-12 21:31 - 004194304 _____ C:\Users\aspat\Desktop\ZAM70_LA-A901P_REV_1.0_EC.bin ==================== Jeden miesiąc (zmodyfikowane) ================== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2024-02-26 10:29 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-02-26 10:02 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp 2024-02-26 10:01 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps 2024-02-26 10:01 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness 2024-02-26 10:00 - 2023-09-03 15:14 - 000000000 ____D C:\Users\aspat\AppData\Local\CrashDumps 2024-02-26 09:52 - 2023-04-28 16:55 - 001797776 _____ C:\Windows\system32\PerfStringBackup.INI 2024-02-26 09:52 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF 2024-02-26 09:48 - 2023-09-02 06:34 - 000000000 ____D C:\Users\aspat\AppData\Local\Host App Service 2024-02-26 09:45 - 2023-09-02 06:38 - 000000000 __SHD C:\Users\aspat\IntelGraphicsProfiles 2024-02-26 09:45 - 2023-09-02 06:34 - 000000000 ___SD C:\Users\aspat\AppData\Roaming\Microsoft\Credentials 2024-02-26 09:45 - 2023-04-28 16:51 - 000000000 ___HD C:\Intel 2024-02-26 09:45 - 2023-04-28 16:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2024-02-26 09:45 - 2023-04-28 16:50 - 000000000 ____D C:\Windows\system32\SleepStudy 2024-02-26 09:45 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ServiceState 2024-02-26 09:44 - 2023-04-28 16:50 - 000012288 ___SH C:\DumpStack.log.tmp 2024-02-26 09:44 - 2023-04-28 16:50 - 000001623 _____ C:\Windows\system32\config\VSMIDK 2024-02-25 22:04 - 2022-05-07 06:17 - 000786432 _____ C:\Windows\system32\config\BBI 2024-02-25 21:43 - 2022-05-07 06:24 - 000000000 ___HD C:\Windows\ELAMBKUP 2024-02-25 21:26 - 2023-09-08 23:39 - 000000000 ____D C:\Users\aspat\AppData\Roaming\Microsoft\Excel 2024-02-25 20:22 - 2024-01-08 17:46 - 000002048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk 2024-02-25 20:22 - 2023-09-04 17:57 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task 2024-02-25 20:22 - 2023-09-04 17:56 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-02-25 20:22 - 2023-09-04 17:56 - 000002025 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk 2024-02-25 20:19 - 2023-04-28 16:51 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-02-24 18:36 - 2023-09-02 06:44 - 000002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2024-02-24 18:36 - 2023-09-02 06:44 - 000002176 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2024-02-24 16:10 - 2023-09-02 06:38 - 000000000 ____D C:\Users\aspat\AppData\Local\Packages 2024-02-24 16:10 - 2023-09-02 06:29 - 000000000 ____D C:\ProgramData\Packages 2024-02-24 14:52 - 2023-09-02 06:59 - 000000000 ____D C:\Users\aspat\AppData\Local\Publishers 2024-02-24 14:51 - 2023-09-02 06:40 - 000000000 ____D C:\Users\aspat\AppData\Local\PlaceholderTileLogoFolder 2024-02-24 13:33 - 2023-09-02 06:38 - 000000000 ____D C:\Users\aspat\AppData\Local\D3DSCache 2024-02-23 20:15 - 2023-09-01 18:14 - 000000000 ____D C:\ProgramData\EA Desktop 2024-02-23 10:16 - 2023-09-01 19:36 - 000000000 ____D C:\Users\aspat\AppData\Roaming\Canva 2024-02-23 10:04 - 2023-09-01 20:24 - 000000000 ____D C:\Users\aspat\AppData\Roaming\Microsoft\Word 2024-02-23 09:48 - 2023-09-02 07:49 - 000000000 ___RD C:\Users\aspat\Desktop\Amazon KDP 2024-02-22 12:46 - 2023-09-25 13:34 - 000004206 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1695645282 2024-02-22 12:46 - 2023-09-25 13:34 - 000001478 _____ C:\Users\aspat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera GX.lnk 2024-02-21 18:21 - 2023-09-07 17:48 - 000000000 ____D C:\Users\aspat\Documents\Navi 2024-02-21 16:21 - 2023-09-03 10:12 - 000000000 ____D C:\ProgramData\Packer 2024-02-21 12:55 - 2023-09-03 10:12 - 000000000 ____D C:\Program Files\EA 2024-02-21 11:03 - 2023-04-28 16:51 - 000003566 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-02-21 11:03 - 2023-04-28 16:51 - 000003442 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-02-17 10:07 - 2023-09-01 18:20 - 000000000 ____D C:\Users\aspat\AppData\Local\Steam 2024-02-16 21:45 - 2023-09-08 17:14 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2024-02-16 20:00 - 2023-09-07 17:32 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2024-02-16 20:00 - 2023-09-07 17:32 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-02-16 20:00 - 2023-09-02 06:40 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2444858711-1819379462-4076300061-1001 2024-02-16 13:05 - 2023-04-28 17:26 - 000000000 ____D C:\Program Files\Microsoft Office 2024-02-15 11:21 - 2022-05-07 06:17 - 000032768 _____ C:\Windows\system32\config\ELAM 2024-02-14 17:53 - 2023-09-27 17:18 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk 2024-02-14 17:53 - 2023-09-27 17:18 - 000002012 _____ C:\Users\aspat\Desktop\Google Drive.lnk 2024-02-14 13:31 - 2023-04-28 16:50 - 000475384 _____ C:\Windows\system32\FNTCACHE.DAT 2024-02-14 13:30 - 2023-10-11 18:45 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\UUS 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\setup 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemResources 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\WinMetadata 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\Sgrm 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\setup 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\oobe 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\appraiser 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellComponents 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\Provisioning 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\BrowserCore 2024-02-14 13:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\bcastdvr 2024-02-14 13:21 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate 2024-02-14 13:12 - 2023-09-01 20:30 - 000000000 ____D C:\Windows\system32\MRT 2024-02-14 13:10 - 2023-09-01 20:29 - 191155960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2024-02-14 13:08 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\CbsTemp 2024-02-14 13:07 - 2023-04-28 16:54 - 003212800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2024-02-12 17:50 - 2023-09-03 10:18 - 000000000 ____D C:\Users\aspat\AppData\Local\SquirrelTemp 2024-02-08 00:48 - 2023-09-02 06:34 - 000000000 ____D C:\Users\aspat 2024-02-06 09:57 - 2023-09-01 19:36 - 000002257 _____ C:\Users\aspat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canva.lnk 2024-02-06 09:57 - 2023-09-01 19:36 - 000002249 _____ C:\Users\aspat\Desktop\Canva.lnk 2024-02-01 17:23 - 2023-12-21 12:43 - 000000000 ____D C:\Users\aspat\Documents\FC 24 2024-02-01 16:51 - 2023-10-07 12:05 - 000000000 ____D C:\Users\aspat\AppData\Local\CapCut Drafts 2024-01-30 20:53 - 2023-09-02 07:33 - 000000000 ____D C:\Users\aspat\Documents\Rozliczenia za 2022 2024-01-30 18:30 - 2023-11-30 17:11 - 000000000 ____D C:\Users\aspat\Desktop\Laptopy naprawa 2024-01-29 20:26 - 2024-01-20 10:09 - 000000000 ____D C:\Users\aspat\Desktop\Biosy ==================== Pliki w katalogu głównym wybranych folderów ======== 2024-01-05 20:35 - 2024-01-05 20:35 - 000000088 _____ () C:\Users\aspat\AppData\Roaming\SystemHwData.json 2023-10-07 12:05 - 2023-10-07 12:05 - 000000028 _____ () C:\Users\aspat\AppData\Local\CapCutConfigure.ini ==================== SigCheck ============================ (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) ==================== Koniec FRST.txt ======================== Addition.txt Cytuj Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 23.02.2024 Uruchomiony przez aspat (26-02-2024 10:29:55) Uruchomiony z C:\Users\aspat\Desktop Microsoft Windows 11 Home Wersja 23H2 22631.3155 (X64) (2023-09-02 05:29:38) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= (Załączenie wejścia w fixlist spowoduje jego usunięcie.) Administrator (S-1-5-21-2444858711-1819379462-4076300061-500 - Administrator - Disabled) aspat (S-1-5-21-2444858711-1819379462-4076300061-1001 - Administrator - Enabled) => C:\Users\aspat Gość (S-1-5-21-2444858711-1819379462-4076300061-501 - Limited - Enabled) Konto domyślne (S-1-5-21-2444858711-1819379462-4076300061-503 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-2444858711-1819379462-4076300061-504 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) 4K Video Downloader (HKLM\...\{5D7E851E-C7CF-423F-8432-478F0EBB8666}) (Version: 4.28.0.5600 - Open Media LLC) Acer Configuration Manager (HKLM-x32\...\{83EE3016-BFF3-4249-9DB8-2FC92D6DE9E6}) (Version: 2.5.22250 - Acer) Acer Jumpstart (HKLM-x32\...\{0C5ED25A-B8D1-4E71-BFCB-6B370A4EA19C}) (Version: 3.5.22220.20 - Acer) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 23.008.20555 - Adobe) Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_4_1) (Version: 22.4.1.211 - Adobe Inc.) Adobe Photoshop 2021 Patch (HKLM-x32\...\{86AB4DA9-6987-419F-A237-66EB38496854}) (Version: 1.0.0 - OSTeam) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Advanced BAT to EXE Converter v4.59 (HKLM-x32\...\Advanced BAT to EXE Converter v4.59) (Version: - ) App Explorer (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Host App Service) (Version: 0.273.4.677 - SweetLabs) <==== UWAGA Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FA3D0F2D-BA1C-4462-B6B3-3048CFF464C7}) (Version: 17.0.0.28 - Apple Inc.) Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.) Bat To Exe Converter version 3.2 (HKLM\...\{60C29EC2-33E8-45EE-87E4-31FA3E35C539}_is1) (Version: 3.2 - Fatih Kodak) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Cadence Allegro Free Physical Viewers 16.6 (HKLM-x32\...\{2BB61CCF-BB29-42C1-A313-CF4CC2B924B2}) (Version: 16.6.1 - Cadence Design Systems) Canva (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\3d0ba22d-e02b-5c6d-93a1-4e2a9af9c1f2) (Version: 1.82.0 - Canva Pty Ltd) CapCut (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\CapCut) (Version: 2.8.0.917 - Bytedance Pte. Ltd.) CH341A - USB Programmer 1.30 (HKLM-x32\...\CH341A - USB Programmer 1.30) (Version: 1.30 - SkyGz) CPUID CPU-Z 2.07 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.07 - CPUID, Inc.) CrystalDiskInfo 9.1.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.1.1 - Crystal Dew World) Discord (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Discord) (Version: 1.0.9032 - Discord Inc.) DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated) DualSenseX (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\DualSenseX) (Version: 1.4.9 - Paliverse) Dynamic Application Loader Host Interface Service (HKLM\...\{407FF531-5AD9-4518-8304-5B54747A19DA}) (Version: 1.0.0.0 - Intel Corporation) Hidden EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.133.0.5646 - Electronic Arts) Hidden EA app (HKLM-x32\...\{ae8a47ff-bde1-4cd1-8d7f-0392b2ebc7cf}) (Version: 13.133.0.5646 - Electronic Arts) EA SPORTS FC 24 (HKLM-x32\...\{D599A8A7-E083-496C-B891-5752CD4E04F3}) (Version: 1.0.85.48150 - Electronic Arts) Eclipse Temurin JDK with Hotspot 17.0.8.1+1 (x64) (HKLM\...\{43925975-C773-4923-A044-F0BB71DC05E2}) (Version: 17.0.8.101 - Eclipse Adoptium) Epic Games Launcher (HKLM-x32\...\{310BE3AC-6267-4F59-BB53-1B54C74204FA}) (Version: 1.3.82.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32\...\{35905844-0610-427D-86A0-2103FABE3D4D}) (Version: 2.0.42.0 - Epic Games, Inc.) ExpressVPN (HKLM-x32\...\{5B1D5290-DC0D-43D1-8220-8BB29BDDA0BE}) (Version: 2.5.22300.30 - Acer) Farming Simulator 22 (HKLM-x32\...\FLT_Farming_Simulator_22) (Version: - ) FIFA 23 (HKLM-x32\...\{B2A14ADC-C2DC-432C-BA7E-FA59282364AB}) (Version: 1.0.83.40087 - Electronic Arts) FTMO MetaTrader 5 (HKLM\...\FTMO MetaTrader 5) (Version: 5.00 - MetaQuotes Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.69 - Google LLC) Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 87.0.2.0 - Google LLC) Hurtworld (HKLM-x32\...\{ECC63D40-3060-4372-A1EE-6BC65E2A4E91}) (Version: 1.0.0 - BigGames) HxD Hex Editor 2.5 (HKLM\...\HxD_is1) (Version: 2.5 - Maël Hörz) Intel(R) Chipset Device Software (HKLM\...\{8E7A81EF-0B97-4CD2-94E5-CD9E5A2767F4}) (Version: 10.1.18698.8258 - Intel Corporation) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{80ec5470-ac51-4956-b2dc-87dc2cdaa04b}) (Version: 10.1.18698.8258 - Intel(R) Corporation) Intel(R) LMS (HKLM\...\{EEBB42F5-AD42-480E-B9B5-4ABD2CB6B609}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2110.15.0.2202 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{CB6870FB-561A-4C01-AFBA-24E5F13DCBC0}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{D0CA8C15-9932-4952-B3B6-71CF65CD9A60}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Driver (HKLM\...\{C6A61C2D-5CD0-42AA-BC42-5F5B573289C0}) (Version: 1.0.0.0 - Intel Corporation) Hidden iTunes (HKLM\...\{D3D338CA-DF7F-45D1-AEC9-89EBF90AD2F0}) (Version: 12.13.1.3 - Apple Inc.) Java 8 Update 381 (HKLM-x32\...\{77924AE4-039E-4CA4-87B4-2F32180381F0}) (Version: 8.0.3810.9 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Malwarebytes version 5.0.17.99 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.17.99 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.52 - Microsoft Corporation) Microsoft Office Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Retail - en-us) (Version: 16.0.17231.20236 - Microsoft Corporation) Microsoft Office Professional Plus 2021 - pl-pl (HKLM\...\ProPlus2021Retail - pl-pl) (Version: 16.0.17231.20236 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation) Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.17231.20236 - Microsoft Corporation) Microsoft OneNote - pl-pl (HKLM\...\OneNoteFreeRetail - pl-pl) (Version: 16.0.17231.20236 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Nefarius Virtual Gamepad Emulation Bus Driver (HKLM\...\{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 - Nefarius Software Solutions e.U.) NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles) NitroSense Service (HKLM\...\{6FC78E80-6385-43D6-8A43-FA80094F1A2E}) (Version: 3.01.3046 - Acer Incorporated) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.5.8 - Notepad++ Team) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) NVIDIA Sterownik dźwięku HD 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation) NVIDIA Sterownik graficzny 537.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 537.13 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden Opera GX Stable 107.0.5045.30 (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Opera GX 107.0.5045.30) (Version: 107.0.5045.30 - Opera Software) Planet9 Stub (HKLM\...\18eae271-44ac-5152-b237-7dac60ccd85a) (Version: 1.0.167 - Acer Inc.) Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3044 - Acer Incorporated) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9292.1 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.77.1590 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.9.8 - Rockstar Games) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Środowisko uruchomieniowe Microsoft Edge WebView2 (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.52 - Microsoft Corporation) TF Global Markets MetaTrader 5 Terminal (HKLM\...\TF Global Markets MetaTrader 5 Terminal) (Version: 5.00 - MetaQuotes Ltd.) Uplay (HKLM-x32\...\Uplay) (Version: 101.0 - Ubisoft) UsbDk Runtime Libraries (HKLM\...\{6D4A6ED0-CF41-4615-A4B3-BDA018C3C1CD}) (Version: 1.0.22 - Red Hat, Inc.) User Experience Improvement Program Service (HKLM\...\{323EA05D-046D-449D-9D7C-89243C957CCE}) (Version: 5.00.3016 - Acer Incorporated) WinRAR 6.23 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH) Chrome apps: ============ Arkusze (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\7a1443d10ff8f106da2d5daacec5e12c) (Version: 1.0 - Google\Chrome) Dokumenty (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\2fb32048c8fd638d69de10ad0331116f) (Version: 1.0 - Google\Chrome) Dysk Google (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\c8225bf7c7e16dfc31f39e95e8f9aac6) (Version: 1.0 - Google\Chrome) Gmail (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\dce5ea20a0939007b847dc82f36a762a) (Version: 1.0 - Google\Chrome) Prezentacje (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\806361db563e3e60ad111b8cca2c51a6) (Version: 1.0 - Google\Chrome) YouTube (HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\200b0513528e7576ee9f4ed0f846a690) (Version: 1.0 - Google\Chrome) Packages: ========= Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4 [2023-09-05] (Acer Incorporated) Acer Purified Voice Console (R) -> C:\Program Files\WindowsApps\AcerIncorporated.AcerPurifiedVoiceConsoleR_2.0.4.0_x64__48frkmn4z8aw4 [2024-01-30] (Acer Incorporated) Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2024-01-09] (Adobe Systems Incorporated) Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2024-02-25] () Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-02-25] () AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5336.0_x64__8j3eq9eme6ctt [2024-02-14] (INTEL CORP) [Startup Task] Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1100.416.0_x64__8wekyb3d8bbwe [2024-02-22] (Microsoft Corporation) Dropbox – promocja -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.23.0_x64__xbfy0k16fey96 [2024-02-11] (Dropbox Inc.) DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2024.1.0.0_x64__t5j2fzbtdg37r [2024-01-30] (DTS, Inc.) DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.13.2.0_x64__t5j2fzbtdg37r [2024-02-26] (DTS, Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.3.1092.0_x64__v10z8vjag6ke6 [2024-01-24] (HP Inc.) Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2024-02-11] (INTEL CORP) Killer Intelligence Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1122.329.0_x64__rh07ty8m5nkag [2023-09-02] (Rivet Networks LLC) [Startup Task] Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2402.13002.0_x64__8wekyb3d8bbwe [2024-02-21] (Microsoft Corporation) [Startup Task] Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-14] (Microsoft Corp.) Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-09-05] (Microsoft Corporation) Microsoft.D3DMappingLayers -> C:\Program Files\WindowsApps\Microsoft.D3DMappingLayers_1.2402.2.0_x64__8wekyb3d8bbwe [2024-02-20] (Microsoft Corporation) Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-01-11] (Microsoft Corporation) NitroSense_V31 -> C:\Program Files\WindowsApps\AcerIncorporated.NitroSenseV31_3.1.3046.0_x64__48frkmn4z8aw4 [2023-09-02] (Acer Incorporated) Notepad++ -> C:\Program Files\Notepad++\contextMenu [2023-11-09] (Notepad++) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-09-06] (NVIDIA Corp.) Python 3.11 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.11_3.11.2288.0_x64__qbz5n2kfra8p0 [2024-02-11] (Python Software Foundation) QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3044.0_x64__48frkmn4z8aw4 [2023-09-02] (Acer Incorporated) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.294.0_x64__dt26b99r8h8gj [2023-09-02] (Realtek Semiconductor Corp) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0 [2024-02-20] (Spotify AB) [Startup Task] TradingView -> C:\Program Files\WindowsApps\TradingView.Desktop_2.7.4.5671_x64__n534cwy3pjxzj [2024-02-14] (TradingView, Inc.) [Startup Task] User Experience Improvement Program V5 -> C:\Program Files\WindowsApps\AcerIncorporated.UserExperienceImprovementProgramV_5.0.3016.0_x64__48frkmn4z8aw4 [2023-09-02] (Acer Incorporated) Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-14] (Microsoft Corporation) WinRAR -> S:\Program Files\WinRAR [2023-09-01] (win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-2444858711-1819379462-4076300061-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-2444858711-1819379462-4076300061-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => Brak pliku CustomCLSID: HKU\S-1-5-21-2444858711-1819379462-4076300061-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\87.0.2.0\drivefsext.dll [2024-02-14] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\87.0.2.0\drivefsext.dll [2024-02-14] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\87.0.2.0\drivefsext.dll [2024-02-14] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\87.0.2.0\drivefsext.dll [2024-02-14] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-02-10] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\87.0.2.0\drivefsext.dll [2024-02-14] (Google LLC -> Google, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-25] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\87.0.2.0\drivefsext.dll [2024-02-14] (Google LLC -> Google, Inc.) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-16] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\87.0.2.0\drivefsext.dll [2024-02-14] (Google LLC -> Google, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_eff1a67327d2911d\nvshext.dll [2023-08-16] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-02-10] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-25] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) ==================== Codecs (filtrowane) ==================== ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) Shortcut: C:\Users\aspat\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat () ShortcutWithArgument: C:\Users\aspat\Desktop\Backup z dysku nitro 5 starego\pulpit\YouTube Music.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod ShortcutWithArgument: C:\Users\aspat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Arkusze.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf ShortcutWithArgument: C:\Users\aspat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Dokumenty.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb ShortcutWithArgument: C:\Users\aspat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Dysk Google.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak ShortcutWithArgument: C:\Users\aspat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\fxDreema Download Files.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lnlppnklledgeaafojedgemkdhjdgdkp ShortcutWithArgument: C:\Users\aspat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm ShortcutWithArgument: C:\Users\aspat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Prezentacje.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag ShortcutWithArgument: C:\Users\aspat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml ==================== Załadowane moduły (filtrowane) ============= 2023-09-06 15:14 - 2022-11-08 11:54 - 000270848 _____ (By ZhongYang) [Brak podpisu cyfrowego] C:\Users\aspat\Desktop\TrafficMonitor\OpenHardwareMonitorApi.dll 2023-04-28 17:27 - 2023-04-28 17:27 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll 2023-04-28 17:27 - 2023-04-28 17:27 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll ==================== Alternate Data Streams (filtrowane) ======== (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\Users\aspat\Desktop\FRST64.exe:MBAM.Zone.Identifier [240] AlternateDataStreams: C:\Users\aspat\Desktop\RogueKiller_portable64.exe:MBAM.Zone.Identifier [191] AlternateDataStreams: C:\Users\aspat\Documents\Szpital biodro.jpeg:3or4kl4x13tuuug3Byamue2s4b [81] AlternateDataStreams: C:\Users\aspat\Documents\Szpital biodro.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] ==================== Tryb awaryjny (filtrowane) ================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Powiązania plików (filtrowane) ================= ==================== Internet Explorer (filtrowane) ========== BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll [2023-06-14] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll [2023-06-14] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Incorporated) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-02] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts - zawartość: ========================= (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2022-05-07 06:24 - 2022-05-07 06:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Inne obszary =========================== (Obecnie brak automatycznej naprawy dla tej sekcji.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Eclipse Adoptium\jdk-17.0.8.101-hotspot\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\aspat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.1.20 - 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Załączenie wejścia w fixlist spowoduje jego usunięcie.) HKLM\...\StartupApproved\Run: => "Reflect UI" HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_9C0351EC673C45D35EA025DF5DE5B6AC" HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\StartupApproved\Run: => "CanvaAutoLaunchAvailabilityCheckAgent" HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\StartupApproved\Run: => "DualSenseX" HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\StartupApproved\Run: => "EADM" HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\StartupApproved\Run: => "Opera GX Stable" HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant" HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\StartupApproved\Run: => "Battle.net" ==================== Reguły Zapory systemu Windows (filtrowane) ================ (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{74245298-B4E7-4DEA-9B04-11B5C214320D}] => (Allow) S:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{CD5E012B-304F-4806-9E59-969BD5D5BD74}] => (Allow) S:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [TCP Query User{160E3E4C-9629-4171-82CC-19990175978E}S:\gry epic\gta v\gtav\gta5.exe] => (Allow) S:\gry epic\gta v\gtav\gta5.exe => Brak pliku FirewallRules: [UDP Query User{3075B894-4389-4732-9DA6-375F6AFD686D}S:\gry epic\gta v\gtav\gta5.exe] => (Allow) S:\gry epic\gta v\gtav\gta5.exe => Brak pliku FirewallRules: [{A6F00DEF-AA52-4CEE-ABEB-5E345CC49ECF}] => (Allow) S:\EA App\FIFA 23\EAAntiCheat.GameServiceLauncher.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{FE365B0E-6BDF-4F33-B167-F030009F45FF}] => (Allow) S:\EA App\FIFA 23\EAAntiCheat.GameServiceLauncher.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [TCP Query User{D1C24C6C-F4DF-42F1-A86D-166790AAAF9E}C:\users\aspat\appdata\local\dualsensex\app-1.4.9\dualsensex.exe] => (Allow) C:\users\aspat\appdata\local\dualsensex\app-1.4.9\dualsensex.exe () [Brak podpisu cyfrowego] FirewallRules: [UDP Query User{B039E2BA-BD12-4171-AE07-26C9D672CA08}C:\users\aspat\appdata\local\dualsensex\app-1.4.9\dualsensex.exe] => (Allow) C:\users\aspat\appdata\local\dualsensex\app-1.4.9\dualsensex.exe () [Brak podpisu cyfrowego] FirewallRules: [TCP Query User{F4CC123A-0687-4AAA-BDD2-F0148937C424}S:\ea app\fifa 23\fifa23.exe] => (Allow) S:\ea app\fifa 23\fifa23.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [UDP Query User{A74EC3E6-4CA4-4C96-9FA2-48F14987CD8E}S:\ea app\fifa 23\fifa23.exe] => (Allow) S:\ea app\fifa 23\fifa23.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{DDEF652C-4A5F-4805-859B-2ED5ABB560B7}] => (Allow) S:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{CB77A5CC-D93C-4659-98CE-ACE7064B41CA}] => (Allow) S:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{DDD733C2-9FC1-4980-97EA-CEBD29C6ED13}] => (Allow) S:\Program Files (x86)\EA Games\FIFA 10\FIFA10.exe => Brak pliku FirewallRules: [{EA7A3E46-9D6D-4B1C-B45E-D3B621E77C66}] => (Allow) S:\Program Files (x86)\EA Games\FIFA 10\FIFA10.exe => Brak pliku FirewallRules: [TCP Query User{63514F2E-5DD2-40D7-A8CC-17ED9CC38E6D}C:\users\aspat\desktop\fm19\gra\fm19\fm.exe] => (Allow) C:\users\aspat\desktop\fm19\gra\fm19\fm.exe (Sports Interactive) [Brak podpisu cyfrowego] FirewallRules: [UDP Query User{C76D3EF7-C9CE-4DCE-9B53-F58EDBBF57D4}C:\users\aspat\desktop\fm19\gra\fm19\fm.exe] => (Allow) C:\users\aspat\desktop\fm19\gra\fm19\fm.exe (Sports Interactive) [Brak podpisu cyfrowego] FirewallRules: [{C01780C5-6E34-4975-80F3-72D092C6A454}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5F7A2B01-494E-426F-9293-9D76593FFFD0}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => Brak pliku FirewallRules: [{11A8F80E-C88E-4A3F-80C9-4FF7F2FE692D}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => Brak pliku FirewallRules: [{85CE8B12-BF68-4E94-B372-43A3945286DB}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.2\ABService.exe => Brak pliku FirewallRules: [{FA2531C9-0864-4C94-9D7A-E494BCAD0D7A}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.2\ABService.exe => Brak pliku FirewallRules: [TCP Query User{77FB54DD-1E88-48FC-806B-BF3A7FCD25CB}C:\users\aspat\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\aspat\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [UDP Query User{8D627B6F-44B4-47E1-8EB2-4FD8EE314DD3}C:\users\aspat\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\aspat\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [{23627E25-980A-4ADF-A578-50A136942EF2}] => (Allow) C:\Program Files\TF Global Markets MetaTrader 5 Terminal\metatester64.exe (MetaQuotes Ltd -> MetaQuotes Ltd.) FirewallRules: [{777CFACF-36B0-45EC-AFDB-50EC1CB20772}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DFA2A1D3-08D9-4305-96DC-FCE2A6F05022}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5404E682-A2DB-496B-95C7-A4600B5155B0}] => (Allow) E:\FIFA 24\EA SPORTS FC 24\EAAntiCheat.GameServiceLauncher.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{2F4ABF81-028F-43BE-9FE5-714C6ECBDF44}] => (Allow) E:\FIFA 24\EA SPORTS FC 24\EAAntiCheat.GameServiceLauncher.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [TCP Query User{9B267AB3-C610-45E5-BCAB-670B3474750F}E:\fifa 24\ea sports fc 24\fc24.exe] => (Allow) E:\fifa 24\ea sports fc 24\fc24.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [UDP Query User{F17B7961-B8EF-4442-A5CC-1402A2712DEF}E:\fifa 24\ea sports fc 24\fc24.exe] => (Allow) E:\fifa 24\ea sports fc 24\fc24.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [TCP Query User{1773BD30-E9D7-4669-8A8B-CAEECB92E76F}C:\users\aspat\desktop\fm19\gra\fm19\fm.exe] => (Block) C:\users\aspat\desktop\fm19\gra\fm19\fm.exe (Sports Interactive) [Brak podpisu cyfrowego] FirewallRules: [UDP Query User{0454A513-2B52-4F63-8780-B00B2BD84B00}C:\users\aspat\desktop\fm19\gra\fm19\fm.exe] => (Block) C:\users\aspat\desktop\fm19\gra\fm19\fm.exe (Sports Interactive) [Brak podpisu cyfrowego] FirewallRules: [TCP Query User{E8093EBC-5953-42D2-BA99-33C094968AE6}C:\users\aspat\appdata\local\dualsensex\app-1.4.9\dualsensex.exe] => (Block) C:\users\aspat\appdata\local\dualsensex\app-1.4.9\dualsensex.exe () [Brak podpisu cyfrowego] FirewallRules: [UDP Query User{84A1590F-8340-4339-ADE4-78DAA235B0CD}C:\users\aspat\appdata\local\dualsensex\app-1.4.9\dualsensex.exe] => (Block) C:\users\aspat\appdata\local\dualsensex\app-1.4.9\dualsensex.exe () [Brak podpisu cyfrowego] FirewallRules: [TCP Query User{8295614E-C284-46FF-9855-37F4E8BF7CBC}E:\fifa 24\ea sports fc 24\fc24.exe] => (Allow) E:\fifa 24\ea sports fc 24\fc24.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [UDP Query User{D83DBA4E-BD42-4A32-8BE5-27F8F6AABAE4}E:\fifa 24\ea sports fc 24\fc24.exe] => (Allow) E:\fifa 24\ea sports fc 24\fc24.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [TCP Query User{BFAD1569-8007-4916-B20A-5F1611F4E022}S:\ea app\fifa 23\fifa23.exe] => (Block) S:\ea app\fifa 23\fifa23.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [UDP Query User{38E1B374-F7B4-4980-8E07-15A50C85BC10}S:\ea app\fifa 23\fifa23.exe] => (Block) S:\ea app\fifa 23\fifa23.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [TCP Query User{D5B21E96-43A9-417C-851A-AA77D78229FB}C:\users\aspat\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\aspat\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [UDP Query User{031E605D-5CE7-4706-84C8-D81B5D5657CB}C:\users\aspat\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\aspat\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [{4822AA38-692E-471D-A5F5-BDED0FE6896F}] => (Allow) E:\FIFA 24\EA SPORTS FC 24\EAAntiCheat.GameServiceLauncher.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{9BC77B00-0E36-4F9B-BB25-9E46FCCA36AA}] => (Allow) E:\FIFA 24\EA SPORTS FC 24\EAAntiCheat.GameServiceLauncher.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{5AA2338B-810B-4129-B0F1-7D7C4D874574}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{BDB7C904-824F-4B21-B8AA-023E92D70123}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{06818653-B3D0-47AE-95D4-A7829E1A23EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{4B10F663-C936-4BC9-AFBF-BBCA12A73B0D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{856C807B-5CDB-4B52-897E-4C73AB121833}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{10AAAE4A-1197-492F-B764-B55691D66D8D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{504F1256-BDE0-4261-8BDE-9281640E698F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{8EA8D7F9-B1A5-40AE-9920-AD9E505BC31A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F0228C4F-AF72-4B65-9E4D-16CC902F20FD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{2A0A99F5-963F-4563-A73C-4FA1AD26DB60}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3A734834-BA81-4E8C-A371-35E3ADF5369D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{306B0784-DACA-477B-A4C2-ECC60AC8E600}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{70080B02-45B3-483F-8AF4-239A34A5A4CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{0BEDE0CA-E19E-4760-B3FF-93ED49244A18}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D615C11F-404B-41C5-930D-125BDE800E1B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B4C7F9D7-5741-4CA2-A258-1A35306C57DA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{5566560A-1A3B-408E-BA82-9BD52D863D4E}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{3EFCA6DE-3B47-4954-A750-F3ABA56ACB57}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{F5F5D586-6084-48D8-A972-3F65B9AF9726}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{96B523A2-146B-4869-90AF-B39A67ECB2EC}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{67FDD3B4-AD36-4552-A238-613786A5CCD7}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{DB3DB492-2837-4187-A670-705BD7379D73}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{384BB1FB-E76B-4C2A-8E84-E069FD7D9872}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{1082484B-E77F-4342-835E-6F78E8983CCD}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{26BA2938-133D-407D-80D3-B4F0CC9A8CC9}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{17209D76-7BEA-46F5-BA78-6E6D555ECD2A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{11E15BC9-25FC-483C-8271-F19D8E50CE3B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{9D4C758F-0DBF-4F33-AF69-9BA394959684}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Punkty Przywracania systemu ========================= 20-02-2024 15:15:25 Windows Update 23-02-2024 08:44:20 Installed UsbDk Runtime Libraries 24-02-2024 14:53:53 Installed iTunes ==================== Wadliwe urządzenia w Menedżerze urządzeń ============ ==================== Błędy w Dzienniku zdarzeń: ======================== Dziennik Aplikacja: ================== Error: (02/26/2024 10:28:40 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Users\aspat\AppData\Local\CapCut\CapCut.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_6eb991c088050a06.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_270c5ae97388e100.manifest. Error: (02/26/2024 10:00:16 AM) (Source: Application Error) (EventID: 1000) (User: PATRYK) Description: Nazwa aplikacji powodującej błąd: AcerRegistrationBackGroundTask.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x64375ffb Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 10.0.22621.3155, sygnatura czasowa: 0x587de32b Kod wyjątku: 0xc000041d Przesunięcie błędu: 0x00149542 Identyfikator procesu powodującego błąd: 0x0x247c Godzina uruchomienia aplikacji powodującej błąd: 0x0x1da689235798ddf Ścieżka aplikacji powodującej błąd: C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4\DesktopApp\AcerRegistrationBackGroundTask.exe Ścieżka modułu powodującego błąd: C:\Windows\System32\KERNELBASE.dll Identyfikator raportu: ff955b19-9d38-441d-9ce1-96ef9a39b1bc Pełna nazwa pakietu powodującego błąd: AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4 Identyfikator aplikacji względem pakietu powodującego błąd: Acer.AcerRegistration Error: (02/26/2024 10:00:13 AM) (Source: Application Error) (EventID: 1000) (User: PATRYK) Description: Nazwa aplikacji powodującej błąd: AcerRegistrationBackGroundTask.exe, wersja: 1.0.0.0, sygnatura czasowa: 0x64375ffb Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 10.0.22621.3155, sygnatura czasowa: 0x587de32b Kod wyjątku: 0xc0020001 Przesunięcie błędu: 0x00149542 Identyfikator procesu powodującego błąd: 0x0x247c Godzina uruchomienia aplikacji powodującej błąd: 0x0x1da689235798ddf Ścieżka aplikacji powodującej błąd: C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4\DesktopApp\AcerRegistrationBackGroundTask.exe Ścieżka modułu powodującego błąd: C:\Windows\System32\KERNELBASE.dll Identyfikator raportu: ad19eb93-cf37-4ee8-9b77-1329c2eaa50e Pełna nazwa pakietu powodującego błąd: AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4 Identyfikator aplikacji względem pakietu powodującego błąd: Acer.AcerRegistration Error: (02/26/2024 10:00:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplikacja: AcerRegistrationBackGroundTask.exe Wersja architektury: v4.0.30319 Opis: proces został przerwany z powodu nieobsłużonego wyjątku. Informacje o wyjątku: kod wyjątku: c0020001, adres wyjątku: 754D9542 Stos: w MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) w MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) w System.Environment._Exit(Int32) w System.Environment.Exit(Int32) w AcerRegistrationBackGroundTask.MainWindow+<closeBackGroundTask>d__24.MoveNext() w System.Runtime.CompilerServices.AsyncVoidMethodBuilder.Start[[AcerRegistrationBackGroundTask.MainWindow+<closeBackGroundTask>d__24, AcerRegistrationBackGroundTask, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<closeBackGroundTask>d__24 ByRef) w AcerRegistrationBackGroundTask.MainWindow.closeBackGroundTask() w AcerRegistrationBackGroundTask.MainWindow.Window_Loaded(System.Object, System.Windows.RoutedEventArgs) w System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs) w System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean) w System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs) w System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs) w System.Windows.BroadcastEventHelper.BroadcastEvent(System.Windows.DependencyObject, System.Windows.RoutedEvent) w System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(System.Object) w MS.Internal.LoadedOrUnloadedOperation.DoWork() w System.Windows.Media.MediaContext.FireLoadedPendingCallbacks() w System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() w System.Windows.Media.MediaContext.RenderMessageHandlerCore(System.Object) w System.Windows.Media.MediaContext.RenderMessageHandler(System.Object) w System.Windows.Media.MediaContext.Resize(System.Windows.Media.ICompositionTarget) w System.Windows.Interop.HwndTarget.OnResize() w System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr) w System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) w MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) w MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) w System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) w System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) w System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) w MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) w MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32) w System.Windows.Window.ShowHelper(System.Object) w System.Windows.Window.Show() w System.Windows.Application+<>c.<RunInternal>b__105_0(System.Object) w System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) w System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) w System.Windows.Threading.DispatcherOperation.InvokeImpl() w System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) w MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object) w System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) w System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) w MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) w System.Windows.Threading.DispatcherOperation.Invoke() w System.Windows.Threading.Dispatcher.ProcessQueue() w System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) w MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) w MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) w System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) w System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) w System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) w MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) w MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) w System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) w System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) w System.Windows.Application.RunDispatcher(System.Object) w System.Windows.Application.RunInternal(System.Windows.Window) w System.Windows.Application.Run(System.Windows.Window) w AcerRegistrationBackGroundTask.Startup.Main(System.String[]) Error: (02/26/2024 09:56:57 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Users\aspat\AppData\Local\CapCut\CapCut.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_6eb991c088050a06.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_270c5ae97388e100.manifest. Error: (02/26/2024 09:56:57 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Users\aspat\AppData\Local\CapCut\CapCut.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_6eb991c088050a06.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_270c5ae97388e100.manifest. Error: (02/26/2024 09:51:15 AM) (Source: Application Error) (EventID: 1000) (User: ZARZĄDZANIE NT) Description: Nazwa aplikacji powodującej błąd: InstalledPackagesAgent.exe, wersja: 5.0.3016.0, sygnatura czasowa: 0x62909813 Nazwa modułu powodującego błąd: InstalledPackagesAgent.exe, wersja: 5.0.3016.0, sygnatura czasowa: 0x62909813 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0001c9f6 Identyfikator procesu powodującego błąd: 0x0x1e70 Godzina uruchomienia aplikacji powodującej błąd: 0x0x1da6890f459e945 Ścieżka aplikacji powodującej błąd: C:\Program Files\Acer\User Experience Improvement Program Service\Plugin\AppMonitor\InstalledPackagesAgent.exe Ścieżka modułu powodującego błąd: C:\Program Files\Acer\User Experience Improvement Program Service\Plugin\AppMonitor\InstalledPackagesAgent.exe Identyfikator raportu: b41456bc-7c65-4be3-99ee-7b222ff56a71 Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (02/26/2024 09:45:06 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Users\aspat\AppData\Local\CapCut\CapCut.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_6eb991c088050a06.manifest. Składnik 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2506_none_270c5ae97388e100.manifest. Dziennik System: ============= Error: (02/26/2024 09:47:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (02/26/2024 09:47:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (60000 ms) podczas oczekiwania na połączenie się z usługą Usługa Google Update (gupdate). Error: (02/26/2024 09:45:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa FDResPub zakończyła działanie; wystąpił następujący błąd: %%2147952449 = Żądany adres jest nieprawidłowy w tym kontekście. Error: (02/26/2024 09:45:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa MessagingService_694a1 zakończyła działanie; wystąpił następujący błąd: Urządzenie nie jest gotowe. Error: (02/25/2024 10:04:00 PM) (Source: DCOM) (EventID: 10010) (User: PATRYK) Description: Serwer {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (02/25/2024 09:05:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80246007: Apple, Inc. - USBDevice - 538.0.0.0. Error: (02/25/2024 08:16:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (02/25/2024 08:16:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (60000 ms) podczas oczekiwania na połączenie się z usługą Usługa Google Update (gupdate). Windows Defender: ================ Date: 2024-02-26 09:45:14 Description: Produkt Program antywirusowy Microsoft Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Androm!pz&threatid=2147893116&enterprise=0 Nazwa: Trojan:MSIL/Androm!pz Identyfikator: 2147893116 Ważność: Poważny Kategoria: Koń trojański Ścieżka: file:_C:\Users\aspat\AppData\Local\Temp\Rar$DRa9000.16816\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; file:_C:\Users\aspat\AppData\Local\Temp\Rar$DRa9520.37889\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; file:_C:\Users\aspat\AppData\Local\Temp\Rar$EXa13244.44120\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; file:_C:\Users\aspat\Desktop\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; process:_pid:6644,ProcessStart:133532709174996135 Pochodzenie wykrycia: Komputer lokalny Typ wykrycia: Konkretne Źródło wykrycia: Ochrona w czasie rzeczywistym Użytkownik: Nazwa procesu: C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe Wersja analizy zabezpieczeń: AV: 1.405.592.0, AS: 1.405.592.0, NIS: 1.405.592.0 Wersja aparatu: AM: 1.1.24010.10, NIS: 1.1.24010.10 Date: 2024-02-26 09:45:14 Description: Produkt Program antywirusowy Microsoft Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Androm!pz&threatid=2147893116&enterprise=0 Nazwa: Trojan:MSIL/Androm!pz Identyfikator: 2147893116 Ważność: Poważny Kategoria: Koń trojański Ścieżka: file:_C:\Users\aspat\AppData\Local\Temp\Rar$DRa9000.16816\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; file:_C:\Users\aspat\AppData\Local\Temp\Rar$DRa9520.37889\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; file:_C:\Users\aspat\AppData\Local\Temp\Rar$EXa13244.44120\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; file:_C:\Users\aspat\Desktop\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; process:_pid:6644,ProcessStart:133532709174996135 Pochodzenie wykrycia: Komputer lokalny Typ wykrycia: Konkretne Źródło wykrycia: Ochrona w czasie rzeczywistym Użytkownik: Nazwa procesu: S:\Program Files\WinRAR\WinRAR.exe Wersja analizy zabezpieczeń: AV: 1.405.592.0, AS: 1.405.592.0, NIS: 1.405.592.0 Wersja aparatu: AM: 1.1.24010.10, NIS: 1.1.24010.10 Date: 2024-02-26 09:45:14 Description: Produkt Program antywirusowy Microsoft Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Androm!pz&threatid=2147893116&enterprise=0 Nazwa: Trojan:MSIL/Androm!pz Identyfikator: 2147893116 Ważność: Poważny Kategoria: Koń trojański Ścieżka: file:_C:\Users\aspat\AppData\Local\Temp\Rar$DRa9000.16816\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; file:_C:\Users\aspat\AppData\Local\Temp\Rar$DRa9520.37889\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; file:_C:\Users\aspat\Desktop\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe Pochodzenie wykrycia: Komputer lokalny Typ wykrycia: Konkretne Źródło wykrycia: Ochrona w czasie rzeczywistym Użytkownik: Nazwa procesu: S:\Program Files\WinRAR\WinRAR.exe Wersja analizy zabezpieczeń: AV: 1.405.592.0, AS: 1.405.592.0, NIS: 1.405.592.0 Wersja aparatu: AM: 1.1.24010.10, NIS: 1.1.24010.10 Date: 2024-02-26 09:45:14 Description: Produkt Program antywirusowy Microsoft Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Androm!pz&threatid=2147893116&enterprise=0 Nazwa: Trojan:MSIL/Androm!pz Identyfikator: 2147893116 Ważność: Poważny Kategoria: Koń trojański Ścieżka: file:_C:\Users\aspat\AppData\Local\Temp\Rar$DRa9000.16816\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe Pochodzenie wykrycia: Komputer lokalny Typ wykrycia: Konkretne Źródło wykrycia: Ochrona w czasie rzeczywistym Użytkownik: Nazwa procesu: C:\Windows\explorer.exe Wersja analizy zabezpieczeń: AV: 1.405.592.0, AS: 1.405.592.0, NIS: 1.405.592.0 Wersja aparatu: AM: 1.1.24010.10, NIS: 1.1.24010.10 Date: 2024-02-25 21:48:16 Description: Produkt Program antywirusowy Microsoft Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Androm!pz&threatid=2147893116&enterprise=0 Nazwa: Trojan:MSIL/Androm!pz Identyfikator: 2147893116 Ważność: Poważny Kategoria: Koń trojański Ścieżka: file:_C:\Users\aspat\AppData\Local\Temp\Rar$DRa9000.16816\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; file:_C:\Users\aspat\AppData\Local\Temp\Rar$DRa9520.37889\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; file:_C:\Users\aspat\AppData\Local\Temp\Rar$EXa13244.44120\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; file:_C:\Users\aspat\Desktop\iFRPFILE AIO v2.8.6\iFRPFILE AIO v2.8.6.exe; process:_pid:6644,ProcessStart:133532709174996135 Pochodzenie wykrycia: Komputer lokalny Typ wykrycia: Konkretne Źródło wykrycia: Ochrona w czasie rzeczywistym Użytkownik: Nazwa procesu: C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe Wersja analizy zabezpieczeń: AV: 1.405.592.0, AS: 1.405.592.0, NIS: 1.405.592.0 Wersja aparatu: AM: 1.1.24010.10, NIS: 1.1.24010.10 CodeIntegrity: =============== Date: 2024-02-26 10:30:44 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. ==================== Statystyki pamięci =========================== BIOS: Insyde Corp. V1.19 10/28/2022 Płyta główna: TGL Scala_TLS Procesor: 11th Gen Intel(R) Core(TM) i5-11400H @ 2.70GHz Procent pamięci w użyciu: 47% Całkowita pamięć fizyczna: 16163.3 MB Dostępna pamięć fizyczna: 8548.15 MB Całkowita pamięć wirtualna: 23331.3 MB Dostępna pamięć wirtualna: 13404.8 MB ==================== Dyski ================================ Drive c: (Acer) (Fixed) (Total:231.53 GB) (Free:44.28 GB) (Model: NVMe Micron_2450_MTFDKBA512TFK) NTFS Drive d: (Stary SSD) (Fixed) (Total:77.61 GB) (Free:20.8 GB) (Model: SSDPR-CL100-120-G2) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)] Drive e: (Nowy 500GB) (Fixed) (Total:465.75 GB) (Free:63.66 GB) (Model: NVMe CT500P3SSD8) NTFS Drive f: (Stary SSD II) (Fixed) (Total:34.18 GB) (Free:28.55 GB) (Model: SSDPR-CL100-120-G2) NTFS Drive g: (Google Drive) (Fixed) (Total:15 GB) (Free:1.45 GB) (Model: NVMe Micron_2450_MTFDKBA512TFK) FAT32 Drive s: (Acer II) (Fixed) (Total:244.14 GB) (Free:136.36 GB) (Model: NVMe Micron_2450_MTFDKBA512TFK) NTFS \\?\Volume{cbdf2fc0-0eab-4db1-bcc1-802316cb1f8d}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.33 GB) NTFS \\?\Volume{136f2559-ab48-4425-8c23-62ab0a99db79}\ (ESP) (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32 ==================== MBR & Tablica partycji ==================== ==================== Koniec Addition.txt =======================
Bromidum komentarz 26 lutego komentarz 26 lutego Dodaj jako załącznik. Czytelność cytatu/kodu jest słaba.
Bromidum komentarz 26 lutego komentarz 26 lutego 1) Odinstaluj: App Explorer od SweetLabs. 2) Uruchom FRST/FRST64.exe, wciśnij kombinację klawiszy ctrl + y. Otworzy się notatnik, do którego wklej zawartość skryptu. Zamknij i zapisz. W FRST kliknij „napraw” → CloseProcesses: CreateRestorePoint: VirusTotal: C:\Users\aspat\AppData\Local\DualSenseX\DualSenseX.exe VirusTotal: C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA Task: {05ABA444-AE39-46D7-AB0E-9367CEF8881C} - System32\Tasks\App Explorer => C:\Users\aspat\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7574560 2023-03-29] (SweetLabs Inc -> SweetLabs, Inc) <==== UWAGA Task: {18330C8D-AE72-41CF-BC6D-60F2173C97BA} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{16B56237-630A-4106-9696-CBB563142397} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== UWAGA S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== UWAGA S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== UWAGA S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X] S1 mqlheccz; \??\C:\Windows\system32\drivers\mqlheccz.sys [X] S3 SrvcWTDMIOMngr; \??\C:\OEM\OA30\WTDMIoMngr.sys [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [748624 2023-06-14] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [MicrosoftEdgeAutoLaunch_9C0351EC673C45D35EA025DF5DE5B6AC] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4067896 2024-02-23] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [Opera GX Stable] => C:\Users\aspat\AppData\Local\Programs\Opera GX\launcher.exe [2303904 2024-02-17] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\aspat\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software) Task: {400E56C0-0856-4130-BE32-AC189125BAC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.) Task: {24141A4D-8296-4045-84D5-94719151B619} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation) Task: {FAD12A7C-0BBE-4D7B-8C9F-7A2B3F8C605A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation) Task: {7B66D6F6-DE62-4124-ACB7-FCFABA928691} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation) Task: {4B8EBFC6-A60D-4F52-8379-528992D070E0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306328 2024-02-16] (Microsoft Corporation -> Microsoft Corporation) Task: {9DC8F04D-AD31-4293-BA20-47E4B877268F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170128 2024-02-02] (Microsoft Corporation -> Microsoft Corporation) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Brak pliku) Task: {943B3492-AD64-4DEF-A3CD-35EA56FC631B} - System32\Tasks\Oem\xvpnHelperTask => "%localappdata%\OEM\PromoX\XvpnHelper\XvpnInstaller.exe" /install (Brak pliku) Task: {B6DC7207-D48F-463F-A044-1280DB7F0F53} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1696368095 => C:\Users\aspat\AppData\Local\Programs\Opera GX\launcher.exe [2303904 2024-02-17] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\aspat\AppData\Local\Programs\Opera GX\assistant" $(Arg0) Task: {9B792FE5-3608-4BF6-9A41-00DB6A8FBC0B} - System32\Tasks\Opera GX scheduled Autoupdate 1695645282 => C:\Users\aspat\AppData\Local\Programs\Opera GX\launcher.exe [2303904 2024-02-17] (Opera Norway AS -> Opera Software) Tcpip\Parameters: [DhcpNameServer] 192.168.1.20 8.8.8.8 1.1.1.1 Tcpip\..\Interfaces\{73101cad-e87a-4b10-bfee-fd3dd6c07745}: [DhcpNameServer] 192.168.1.20 8.8.8.8 1.1.1.1 Tcpip\..\Interfaces\{e1814856-1763-46f4-a933-1dee151467a0}: [DhcpNameServer] 192.168.1.20 8.8.8.8 1.1.1.1 Tcpip\..\Interfaces\{e1814856-1763-46f4-a933-1dee151467a0}\845514755494D285E65324: [DhcpNameServer] 192.168.100.1 C:\Program Files (x86)\Google\GoogleUpdater C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom C:\Users\aspat\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh CHR HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKU\S-1-5-21-2444858711-1819379462-4076300061-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CustomCLSID: HKU\S-1-5-21-2444858711-1819379462-4076300061-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => Brak pliku FirewallRules: [TCP Query User{160E3E4C-9629-4171-82CC-19990175978E}S:\gry epic\gta v\gtav\gta5.exe] => (Allow) S:\gry epic\gta v\gtav\gta5.exe => Brak pliku FirewallRules: [UDP Query User{3075B894-4389-4732-9DA6-375F6AFD686D}S:\gry epic\gta v\gtav\gta5.exe] => (Allow) S:\gry epic\gta v\gtav\gta5.exe => Brak pliku FirewallRules: [{DDD733C2-9FC1-4980-97EA-CEBD29C6ED13}] => (Allow) S:\Program Files (x86)\EA Games\FIFA 10\FIFA10.exe => Brak pliku FirewallRules: [{EA7A3E46-9D6D-4B1C-B45E-D3B621E77C66}] => (Allow) S:\Program Files (x86)\EA Games\FIFA 10\FIFA10.exe => Brak pliku FirewallRules: [{5F7A2B01-494E-426F-9293-9D76593FFFD0}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => Brak pliku FirewallRules: [{11A8F80E-C88E-4A3F-80C9-4FF7F2FE692D}] => (Allow) S:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => Brak pliku FirewallRules: [{85CE8B12-BF68-4E94-B372-43A3945286DB}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.2\ABService.exe => Brak pliku FirewallRules: [{FA2531C9-0864-4C94-9D7A-E494BCAD0D7A}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.2\ABService.exe => Brak pliku AlternateDataStreams: C:\Users\aspat\Desktop\FRST64.exe:MBAM.Zone.Identifier [240] AlternateDataStreams: C:\Users\aspat\Desktop\RogueKiller_portable64.exe:MBAM.Zone.Identifier [191] AlternateDataStreams: C:\Users\aspat\Documents\Szpital biodro.jpeg:3or4kl4x13tuuug3Byamue2s4b [81] AlternateDataStreams: C:\Users\aspat\Documents\Szpital biodro.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] EmptyEventLogs: CMD: DISM.exe /Online /Cleanup-image /Restorehealth CMD: sfc /scannow EmptyTemp: Plik naprawczy przeznaczony jest tylko dla autora wątku! Po wykonaniu skryptu i ponownym uruchomieniu załącz utworzony fixlog.txt 3) Emsisoft Emergency KIT -> https://www.emsisoft.com/en/home/emergencykit/ Przed rozpoczęciem skanowania wykonaj aktualizację sygnatur, następnie wybierz „malware skan”. Upewnij się, że wykrywanie potencjalnie niechcianych programów (PNP) jest włączone. Raporty z pracy skanera znajdują się w lokacji C:\EEK\Reports. Przenośny skaner Emsisoftu pozostaw do okresowych skanowań swojego urządzenia. Poradnik do Chrome → https://soo.bearblog.dev/chrome/ Zwróć uwagę na rozszerzenia oraz uprawnienia, które zostały im przydzielone. Zmień serwer DNS na Quad9 → https://www.youtube.com/embed/aujUl3yt6nM?autoplay=1 (podstawowy 9.9.9.9, zapasowy 149.112.112.112)
lomcio komentarz 26 lutego Autor komentarz 26 lutego (edytowane) Oto fixlog, było coś groźnego na moim laptopie jakieś programy? Co z tym USB Programerem? Fixlog.txt Zeskanowałem laptopa narzędziem od windowsa i wykazało to Trojan:MSIL/Androm!pz (aktywne), dziwne bo uruchomiłem akcje Usuń i mimo to ciągle się to pojawia a jak sprawdzę ścieżkę to tego już tam nie ma, jak się tego pozbyć? Edytowane 26 lutego przez lomcio Trojan
Bromidum komentarz 26 lutego komentarz 26 lutego Wykonałeś skan Emsisoft Emergency KIT? Spróbuj jeszcze Windows Defender offline. Było kilka złośliwych elementów - usunięte.
lomcio komentarz 26 lutego Autor komentarz 26 lutego Tak, skan wykonany, nic nie wykazał, użyłem tego defendera offline i jedyne co pokazało to właśnie ten trojan, nie wiem czy się tym przejmować skoro w lokalizacji która jest podana nic nie ma.
Bromidum komentarz 27 lutego komentarz 27 lutego Pokaż lokalizację wykrytego zagrożenia. Wykonaj nowy skan FRST i załącz ponownie FRST.txt i Addition.txt
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.